nanog mailing list archives
Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?
From: Jon Lewis <jlewis () lewis org>
Date: Tue, 25 Aug 2020 08:13:59 -0400 (EDT)
On Tue, 25 Aug 2020, Douglas Fischer wrote:
I think that the subject of the e-mail is very self-explanatory. With some analysis of what is running over our network, ISP or ITP, we will be able to see some TCP/UDP(mostly UDP) packets with source or destination to port 0. I can think of a genuine use of it. (Maybe someone cloud help me see what I'm not seen.) So I have two questions: a) Should an ISP block that Kind of traffic? (like anti-spoofing on BNG/B-RAS) b) Should a Transit Provider block that Kind of traffic?
When an application sends more data via UDP than can be fit in a single packet, only the first packet has a UDP header [where the port info is stored]. The rest of the fragments have no UDP header, which most things will report as UDP src/dst port = 0. That traffic may be totally legitimate, so I would say, as an ISP/Transit Provider, you probably wouldn't want to just block all UDP port 0 traffic.
For each link in your network where you have the ability, you might profile and then police UDP traffic, especially the ports commonly seen in reflection DDoS attacks (and port 0).
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?, (continued)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Mike Hammett (Aug 25)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Pim van Stam (Aug 25)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Töma Gavrichenkov (Aug 25)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Job Snijders (Aug 25)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? K. Scott Helms (Aug 25)
- Message not available
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? John Kristoff (Aug 25)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Tom Beecher (Aug 25)
- Message not available
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? K. Scott Helms (Aug 26)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Nick Hilliard (Aug 26)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? K. Scott Helms (Aug 26)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Töma Gavrichenkov (Aug 25)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Douglas Fischer (Aug 25)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Mel Beckman (Aug 25)
- Re: TCP and UDP Port 0 - Should an ISP or ITP Block it? Matthew Petach (Aug 25)
- RE: TCP and UDP Port 0 - Should an ISP or ITP Block it? adamv0025 (Aug 25)